List audit logs

Updated on Nov 5, 2024
Published on Mar 23, 2023

5 minute(s) read

Get

/v1alpha/audit_logs

The audit log endpoint enables you to retrieve log entries from Torq. The logs are retrieved for the workspace on which the API key used for authenticating the request was created. For more information, see the audit logs documentation.

Security

HTTP

Type bearer

Query parameters

start_time

string (date-time)

Will retrieve log entries created after this timestamp. This parameter is optional. If empty, will retrieve all log entries from the previous 24 hours until the end timestamp. If neither a start or end timestamp is provided, will pull all log entries created in the last 24 hours. Timestamps are in RFC 3339 format, for example, 2022-03-09T08:40:18.490771179Z.

end_time

string (date-time)

Will retrieve log entries created before this timestamp. This parameter is optional. If empty, will retrieve all log entries from the start timestamp until now. If both the start or end timestamp are empty, will pull all log entries created in the last 24 hours. Timestamps are in RFC 3339 format, for example, 2022-03-09T08:40:18.490771179Z.

page_size

integer (int32)

The maximum number of log entries to retrieve per page. Default is 100. Maximum is 500. If results exceed the defined page size, use pagination to retrieve the next page

Default100

page_token

string

Token received from a previous List audit logs request. Provide this to retrieve the next page of results.

order

string

Sort results by timestamp. Can be asc (oldest first) or desc (latest first). Default is desc.

Default"desc"

Responses

200

A successful response.

Expand All

object

audit_logs

Array of object (v1alphaAuditLog)

An array of audit log objects.

object

string (uuid)

Unique identifier of the log entry.

Example74e19393-3e94-48d2-8b60-26f2d2665942

timestamp

string (date-time)

The timestamp when the action that created the log entry was performed. For example, if a secret was deleted, it's the timestamp when the secret was was deleted.

Example2022-03-09T08:40:18Z

string (email)

The email address of the actor that performed the action that created the log entry. If actor type is "web_app", it's the authenticated user's email address. If the actor type is api_key, it's the email address of the user that generated the API key.

Exampleuser@email.com

actor_name

string (email)

The name of the actor that performed the action that created the log entry. Can be the user name or the API key name.

Exampleuser@email.com

actor_type

string

The type of actor that performed the action that created the log entry. Can be "web_app", "api_key", or "slack".

Exampleweb_app

action

string

The action that created the log entry. For example: "Integration created".

ExampleIntegration created

resource_id

string (uuid)

Unique identifier of the resource on which the action was taken.

Example74e19393-3e94-48d2-8b60-26f2d2665942

resource_name

string

The name of the resource on which the action was taken. For example, if a secret was deleted, this would be the name of the secret that was deleted.

ExampleMy Integration

string

The IP address of the actor, either a public IPv4 or IPv6 address.

Example8.8.8.8

user_agent

string

The data that the browser sends in the User-Agent header in the HTTP request. This information is not authenticated and should be treated accordingly.

ExampleMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36

extra_data

object

Additional data relevant to the action performed. Workflows will include the revision id, users will include the user's role.

account_id

string (uuid)

Unique identifier of the workspace where the action was performed.

Example74e19393-3e94-48d2-8b60-26f2d2665942

account_name

string

The name of the workspace where the action was performed.

ExampleMy Workspace

next_page_token

string

When a token is returned it indicates there is another page of results to retrieve. Pass this token in the pageToken parameter in a subsequent List audit logs request to retrieve the next page of results. If this field is empty, there are no additional pages to retrieve.

401

Invalid bearer token. If you receive this message more than once try creating a new Client ID/Client Secret or generating a new bearer token.

object

403

You don't have permission to access this resource.

object

default

An unexpected error response.

Expand All

object

code

integer (int32)

message

string

details

Array of object (protobufAny)

object

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo))

Example 2: Pack and unpack a message in Java.

Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) // or ... if (any.isSameTypeAs(Foo.getDefaultInstance()))

Example 3: Pack and unpack a message in Python.

foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo any, err := anypb.New(foo) if err != nil ... foo := &pb.Foo if err := any.UnmarshalTo(foo); err != nil

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile; message Person

{ "@type": "type.googleapis.com/google.profile.Person", "firstName": , "lastName": }

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{ "@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s" }

@type

string

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL's path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading "." is not accepted).

In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows:

If no scheme is provided, https is assumed.
An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error.
Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)

Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one.

Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

property*

object additionalProperties

Was this article helpful?